Skip to main content
CVE-2025-41404 MEDIUM This Month

A remote code execution vulnerability in iroha Board (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Iroha Board
NVD
CVSS 3.0
4.3
EPSS
0.0%
CVE-2025-48497 MEDIUM This Month

Cross-site request forgery vulnerability exists in iroha Board versions v0.10.12 and earlier. If a user accesses a specially crafted URL while being logged in to the affected product, arbitrary learning histories may be registered.

CSRF Iroha Board
NVD
CVSS 3.0
4.3
EPSS
0.0%
CVE-2025-5932 MEDIUM This Month

The Homerunner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.29. This is due to missing or incorrect nonce validation on the main_settings() function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-5315 MEDIUM PATCH This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed UI-enforced role restrictions.

Gitlab Authentication Bypass Ubuntu Debian
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-6707 MEDIUM PATCH This Month

Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.24, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5.

Authentication Bypass Ubuntu Debian MongoDB
NVD
CVSS 3.1
4.2
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy